GitHub Advisory Database
A security vulnerability database covering CVEs and GitHub-originated security advisories from the open source world.
GitHub reviewed advisories by ecosystem (5,000+ in total):
Composer 3,985; Erlang 29; GitHub Actions 16; Go 1,774; Maven 5,000; npm 3,541; NuGet 617; pip 3,123; Pub 10; RubyGems 838; Rust 790; Swift 34.

Unreviewed advisories: 5,000+. Unreviewed advisories have not been assessed by GitHub for quality and are not connected to the Dependabot service.
1,017 advisories match the current filter (GitHub reviewed, pip, severity High). First page of results, newest first:

CVE-2024-29033 (High) oauthenticator (pip), published Mar 20, 2024: GoogleOAuthenticator.hosted_domain incorrectly verifies membership of a Google organization/workspace
CVE-2024-28865 (High) wiki (pip), published Mar 18, 2024: Denial of service via regular expression
CVE-2023-41334 (High) astropy (pip), published Mar 18, 2024: RCE in TransformGraph().to_dot_graph function
CVE-2024-26164 (High) mssql-django (pip), published Mar 12, 2024: Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server
CVE-2024-28184 (High) weasyprint (pip), published Mar 8, 2024: WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
CVE-2024-27758 (High) rpyc (pip), published Mar 6, 2024: RPyC's missing security check results in code execution when using numpy.array on the server side
CVE-2024-27081 (High) esphome (pip), published Mar 1, 2024: ESPHome vulnerable to remote code execution via arbitrary file write
CVE-2024-27292 (High) docassemble.base (pip), published Feb 29, 2024: Docassemble unauthorized access through URL manipulation
GHSA-7c9g-vj9m-8pm6 (High, withdrawn) scrapy (pip), published Feb 28, 2024: Duplicate Advisory: ReDoS vulnerability of XMLFeedSpider
CVE-2024-27454 (High) orjson (pip), published Feb 26, 2024: orjson does not limit recursion for deeply nested JSON documents
CVE-2024-27133 (High) mlflow (pip), published Feb 24, 2024: MLflow Cross-site Scripting vulnerability leads to client-side Remote Code Execution
CVE-2024-27318 (High) onnx (pip), published Feb 23, 2024: ONNX Directory Traversal vulnerability
GHSA-rc4p-p3j9-6577 (High) pypqc (pip), published Feb 22, 2024: pypqc private key retrieval vulnerability
CVE-2024-26151 (High) mjml (pip), published Feb 22, 2024: Potentially untrusted input is rendered as HTML in final output
CVE-2024-26130 (High) cryptography (pip), published Feb 21, 2024: cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
CVE-2024-26134 (High) cbor2 (pip), published Feb 21, 2024: Potential buffer overflow in CBOR2 decoder
CVE-2024-25141 (High) apache-airflow-providers-mongo (pip), published Feb 20, 2024: Improper Certificate Validation in Apache Airflow Mongo hook
CVE-2024-1647 (High) pyhtml2pdf (pip), published Feb 20, 2024: Cross-site Scripting in pyhtml2pdf
CVE-2024-3572 (High) scrapy (pip), published Feb 16, 2024: Scrapy decompression bomb vulnerability
CVE-2024-3574 (High) scrapy (pip), published Feb 15, 2024: Scrapy authorization header leakage on cross-domain redirect
CVE-2024-1892 (High) scrapy (pip), published Feb 15, 2024: Scrapy vulnerable to ReDoS via XMLFeedSpider
CVE-2024-24762 (High) fastapi (pip), published Feb 12, 2024: python-multipart vulnerable to Content-Type Header ReDoS
CVE-2024-1314 (High) kinto-attachment (pip), published Feb 8, 2024: Kinto Attachment's attachments can be replaced on read-only records
CVE-2024-24591 (High) clearml (pip), published Feb 6, 2024: Allegro AI ClearML path traversal vulnerability
ProTip! Advisories are also available from the GraphQL API.
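The same listing can be pulled programmatically. The script below is an added example, not GitHub's own client code: it queries the GraphQL securityVulnerabilities connection with the ecosystem and severity filters that correspond to this page, walks the cursor pagination, and collapses the result into one record per advisory, keyed by CVE where one exists and by GHSA id otherwise (as for the pypqc entry above). It also drops withdrawn entries such as the duplicate scrapy advisory in the list. SAMPLE_NODES is a constructed response that mirrors a few entries from the page; the GHSA ids written as GHSA-0000-* and every version range in it are placeholders, not real data.

```python
"""Fetch GitHub-reviewed pip advisories of severity High via the GraphQL API
and collapse them into one record per advisory.

Added example, not GitHub's own client code. Relies on the public
securityVulnerabilities connection and its ecosystem/severities arguments.
SAMPLE_NODES is constructed: GHSA-0000-* ids and all version ranges are
placeholders."""
import json
import urllib.request

GRAPHQL_URL = "https://api.github.com/graphql"

QUERY = """query($cursor: String) {
  securityVulnerabilities(first: 100, after: $cursor, ecosystem: PIP, severities: [HIGH]) {
    pageInfo { hasNextPage endCursor }
    nodes {
      package { name } vulnerableVersionRange firstPatchedVersion { identifier }
      advisory { ghsaId summary severity publishedAt withdrawnAt identifiers { type value } }
    }
  }
}"""


def advisory_key(advisory):
    """Prefer the CVE id; GitHub-originated advisories only carry a GHSA id."""
    for ident in advisory["identifiers"]:
        if ident["type"] == "CVE":
            return ident["value"]
    return advisory["ghsaId"]


def normalise(nodes):
    """One record per advisory, newest first.

    The connection yields one node per (advisory, package, version range),
    so a single CVE can arrive several times; withdrawn advisories (e.g. a
    duplicate later withdrawn in favour of the CVE entry) are dropped."""
    records = {}
    for node in nodes:
        adv = node["advisory"]
        if adv.get("withdrawnAt"):
            continue
        key = advisory_key(adv)
        rec = records.setdefault(key, {
            "id": key, "ghsa": adv["ghsaId"], "severity": adv["severity"],
            "published": adv["publishedAt"][:10], "summary": adv["summary"],
            "affected": [],
        })
        fixed = node["firstPatchedVersion"]
        rec["affected"].append((node["package"]["name"],
                                node["vulnerableVersionRange"],
                                fixed["identifier"] if fixed else None))
    return sorted(records.values(), key=lambda r: r["published"], reverse=True)


def fetch_all(token):
    """Walk every page of the connection; needs a GitHub token (network)."""
    nodes, cursor = [], None
    while True:
        body = json.dumps({"query": QUERY, "variables": {"cursor": cursor}})
        req = urllib.request.Request(
            GRAPHQL_URL, data=body.encode(),
            headers={"Authorization": f"Bearer {token}",
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)["data"]["securityVulnerabilities"]
        nodes.extend(page["nodes"])
        if not page["pageInfo"]["hasNextPage"]:
            return nodes
        cursor = page["pageInfo"]["endCursor"]


def _node(ghsa, cve, pkg, summary, published, vrange, fixed, withdrawn=None):
    """Build one constructed node in the shape the API returns."""
    ids = [{"type": "GHSA", "value": ghsa}]
    if cve:
        ids.append({"type": "CVE", "value": cve})
    return {"package": {"name": pkg},
            "vulnerableVersionRange": vrange,
            "firstPatchedVersion": {"identifier": fixed} if fixed else None,
            "advisory": {"ghsaId": ghsa, "summary": summary, "severity": "HIGH",
                         "publishedAt": published, "withdrawnAt": withdrawn,
                         "identifiers": ids}}


# Constructed sample mirroring entries from the listing; ranges are placeholders.
SAMPLE_NODES = [
    _node("GHSA-7c9g-vj9m-8pm6", None, "scrapy",
          "Duplicate Advisory: ReDoS vulnerability of XMLFeedSpider",
          "2024-02-28T00:00:00Z", "< 9.9.9", "9.9.9",
          withdrawn="2024-02-29T00:00:00Z"),
    _node("GHSA-0000-0000-0001", "CVE-2024-1892", "scrapy",
          "Scrapy vulnerable to ReDoS via XMLFeedSpider",
          "2024-02-15T00:00:00Z", "< 9.9.9", "9.9.9"),
    _node("GHSA-rc4p-p3j9-6577", None, "pypqc",
          "pypqc private key retrieval vulnerability",
          "2024-02-22T00:00:00Z", "< 9.9.9", None),
    # the same CVE is listed once per affected package
    _node("GHSA-0000-0000-0002", "CVE-2024-24762", "fastapi",
          "python-multipart vulnerable to Content-Type Header ReDoS",
          "2024-02-12T00:00:00Z", "< 9.9.9", "9.9.9"),
    _node("GHSA-0000-0000-0002", "CVE-2024-24762", "python-multipart",
          "python-multipart vulnerable to Content-Type Header ReDoS",
          "2024-02-12T00:00:00Z", "< 9.9.9", "9.9.9"),
]
```

Run `normalise(fetch_all(token))` against the live API to reproduce this page; `normalise(SAMPLE_NODES)` exercises the same logic offline and shows why keying by identifier matters: the withdrawn duplicate disappears, and CVE-2024-24762 becomes a single record listing both fastapi and python-multipart as affected packages.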